feat(admin): complete integration of auth, delivery, and system infrastructure modules
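--- a/docs/sql/20_rls/admin/ml_system_configs_rls_v1.sql
+++ b/docs/sql/20_rls/admin/ml_system_configs_rls_v1.sql
@@ -0,0 +1,17 @@
+-- =====================================================================================
+-- RLS: 系统配置表安全策略
+-- 位置:docs/sql/20_rls/admin/ml_system_configs_rls_v1.sql
+-- 对象类型:RLS 策略
+-- 版本:v1
+-- 说明:允许所有登录用户读取配置;管理端全量操作通过 RPC (SECURITY DEFINER) 执行
+-- =====================================================================================
+
+-- 启用 RLS
+ALTER TABLE public.ml_system_configs ENABLE ROW LEVEL SECURITY;
+
+-- 1. 允许所有登录用户读取配置 (用于前端业务逻辑判断)
+DROP POLICY IF EXISTS system_configs_select_policy ON public.ml_system_configs;
+CREATE POLICY system_configs_select_policy ON public.ml_system_configs
+FOR SELECT TO authenticated USING (true);
+
+-- 管理端全量管理将通过 SECURITY DEFINER 的 RPC 接口执行,此处不再额外开放直接表操作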
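Review bot: The `USING (true)` predicate in `system_configs_select_policy` makes every row of `public.ml_system_configs` readable by every authenticated user, so any secret-bearing configuration (API keys, tokens, internal endpoints) stored in this table later is exposed to all logged-in clients. Either record the invariant next to the policy, e.g. `-- 注意:所有登录用户可读全部行;禁止在此表存放密钥/令牌等敏感配置`, or scope the predicate to a public-flag column (`USING (<is_public_column> = true)`, placeholder name) so sensitive rows stay server-side. A policy also does not grant access by itself: the `authenticated` role still needs a table-level `GRANT SELECT`, and whether that exists depends on schema defaults not visible in this commit. The absence of INSERT/UPDATE/DELETE policies is what denies writes, which matches the header comment.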
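--- a/docs/sql/20_rls/auth/ak_auth_rls_v1.sql
+++ b/docs/sql/20_rls/auth/ak_auth_rls_v1.sql
@@ -0,0 +1,17 @@
+-- =====================================================================================
+-- RLS: 权限管理 (Auth) 安全策略
+-- 位置:docs/sql/20_rls/auth/ak_auth_rls_v1.sql
+-- 对象类型:RLS 策略
+-- 版本:v1
+-- 说明:角色与权限表默认不对外开放,全量管理通过 SECURITY DEFINER RPC 执行
+-- =====================================================================================
+
+-- 启用 RLS
+ALTER TABLE public.ak_roles ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.ak_permissions ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.ak_admin_roles ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.ak_role_permissions ENABLE ROW LEVEL SECURITY;
+
+-- 默认策略:NO DIRECT ACCESS
+-- 所有的查询和修改均建议通过 docs/sql/30_rpc/auth/ 下的专用管理接口完成
+-- 这样可以确保鉴权逻辑与 ak_users.role 强制绑定,且具备审计能力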
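Review bot: The lockdown of `ak_roles`, `ak_permissions`, `ak_admin_roles` and `ak_role_permissions` rests solely on no policy existing, an implicit deny that silently weakens the moment someone adds a permissive policy or runs `DISABLE ROW LEVEL SECURITY` on one of these tables. Adding an explicit privilege revocation as a second layer turns the "NO DIRECT ACCESS" comment into something the database enforces: `REVOKE ALL ON public.ak_roles, public.ak_permissions, public.ak_admin_roles, public.ak_role_permissions FROM anon, authenticated;`. This does not affect the SECURITY DEFINER RPCs under docs/sql/30_rpc/auth/ as long as they execute as the table owner or a role with bypassrls, which the header comment implies but this file cannot confirm. The same implicit-deny pattern is relied on for `public.ml_delivery_staff` in ak_delivery_rls_v1.sql.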
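--- a/docs/sql/20_rls/delivery/ak_delivery_rls_v1.sql
+++ b/docs/sql/20_rls/delivery/ak_delivery_rls_v1.sql
@@ -0,0 +1,24 @@
+-- =====================================================================================
+-- RLS: 物流设置 (Delivery) 安全策略
+-- 位置:docs/sql/20_rls/delivery/ak_delivery_rls_v1.sql
+-- 对象类型:RLS 策略
+-- 版本:v1
+-- 说明:配送员表管理端私有;提货点表消费者端只读
+-- =====================================================================================
+
+-- 启用 RLS
+ALTER TABLE public.ml_delivery_staff ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.ml_delivery_stations ENABLE ROW LEVEL SECURITY;
+
+-- 1. 配送员表策略:默认不开放直接访问
+-- 全量管理通过 docs/sql/30_rpc/delivery/ 下的 RPC 执行
+
+-- 2. 提货点表策略:允许消费者端只读(用于地图展示和下单选择)
+DROP POLICY IF EXISTS delivery_stations_select_active ON public.ml_delivery_stations;
+CREATE POLICY delivery_stations_select_active
+ON public.ml_delivery_stations
+FOR SELECT
+TO anon, authenticated
+USING (status = 1);
+
+-- 管理端全量管理将通过 SECURITY DEFINER 的 RPC 接口执行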
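Review bot: `USING (status = 1)` on `delivery_stations_select_active` restricts rows but not columns, so `anon` can read every column of each matching station; if the table carries non-public fields (internal contact details, notes, cost data — not visible in this commit), they are exposed to unauthenticated clients. Prefer a view limited to the map and order fields, or a column-level `GRANT SELECT (<public columns>) ON public.ml_delivery_stations TO anon, authenticated` (placeholder list) with table-wide SELECT revoked. The literal `1` also deserves a comment beside the predicate, e.g. `-- status = 1: 启用(active)`, assuming that is the meaning the policy name implies; confirm against the table DDL.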